This is how you can install a headless torrent server (transmission-daemon) in FreeBSD 11.2 so you can keep feeding the internet also the world.

You just need a VPS which has a reachable IP address but please keep that in mind this document has been prepared for IPv4. IPv6 configuration might need some extra work to do beside this blog post. Enjoy it!

Introduction

First of all, if you do not have any idea what’s FreeBSD, please refer here.

So it’s a free-software distribution developed by a large community in all over the world.

I’m a GNU/Linux System Engineer myself but I think I have a special interest for BSD kernel and its distributions all the time. So one day I spawned up a droplet through DigitalOcean with a FreeBSD cloud image pre-installed and it was ready to ssh (which I find so cool). I’m going to explain in this blog post technically how to install and configure transmission torrent server in FreeBSD 11.2 release and gonna mention some system administration practices such as firewalling in FreeBSD etc.

I hope no one is going to be mad at me from BSD community ((i have doubts if it even exists in Turkey but whatever) if I do some mistakes in this blog post technically (or, culturally I would say) because I have very strict GNU/Linux habits and it’s hard to switch my entire skill set to do the same thing with different ways is not a piece of cake that easily for me.

Preparation

Prior proceed with the transmission server installation, we need to check and fix couple of things because it’s going to be a production torrent server.

OpenSSH configuration

Package/Kernel Updates

Firewall (PF)

1. User Management, Authorization and OpenSSH

OpenSSH is pretty much the same software as we’re always using in our favorite GNU/Linux Distros (ok ok also in Mac too) but we need to ensure some of the openssh-server configuration.

I’m a fanatic of Math and Cryptology Science so I always trust to Math when it comes to authentication. I always disable password authentication for any user and permit root login for any method (cryptic or not). So ensure you have a RSA key-pair to use it for secure authentication.

First we need to create an admin user, it’s very simple, run below command and follow up with the instructions in CLI :

Note: make sure that this user is a member of “wheel” group because we need sudo to become root.

# adduser

Ensure /usr/local/etc/sudoers file has the correct configuration for wheel group :

I never open my root user to the world (better safe and “little paranoid” than sorry) but below also a good option :

PermitRootLogin without-password

Restart your service :

# service sshd restart

BSD distros are systemd-free operating systems. I hate that shit to be honest and trying to find some peace in my free times via tinkering BSD systems recently.

2. Package Management

pkg is the package manager for FreeBSD. There’s an also another popular way to install stuff in FreeBSD which is called “ports”. I enjoy it a lot myself but it seems like it’s compiling the source code and its dependencies all the time to install programs on your computer, I’m pretty sure that the binaries will be pretty stable btw, however; I’m going to install stuff via pkg package manager to not waste much of your time in this blog post.

Update your package index :

$ sudo pkg update

Upgrade your packages :

$ sudo pkg upgrade

Reboot (if necessary)

3. Firewalling in BSD (PF)

Packet Filter (from here on referred to as PF) is OpenBSD’s system for filtering TCP/IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization. PF has been a part of the GENERIC kernel since OpenBSD 3.0. For more info, please refer here.

In order to enable pf (or all services) we need to manipulate old-good rc files.

If my understanding is correct, above sysrc is a tool to safely edit system rc files so it simply adds above configuration to /etc/rc.conf if you do not say the otherwise. Now as you can see we’ve configured PF to look for its rules on /usr/local/etc/pf.conf. Here’s my pf.conf for a FreeBSD transmission server and some extra cool stuff like some preventions for SSH bruteforce attacks :

Be aware that when you navigate to the above web page, tranmission web-gui will pop-up a dialog box to ask you the username and the password for RPC you’ve configured in the settings.json. RPC on the open world is not so much a reliable way, but you can handle the security issues via using rpc-whilelists as well.

In web-gui you can easily upload any kind of torrent file or directly point to its URL and it will download the related torrent content for you in “download-folder” in your remote VPS or home server powered by FreeBSD. Transmission can be used by it’s CLI tool as well :